[Bug 200558] [patch] security/nmap: partially ignores WITH_OPENSSL_PORT=yes
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun May 31 23:55:07 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200558
Bug ID: 200558
Summary: [patch] security/nmap: partially ignores
WITH_OPENSSL_PORT=yes
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ohauer at FreeBSD.org
Reporter: truckman at FreeBSD.org
Flags: maintainer-feedback?(ohauer at FreeBSD.org)
Assignee: ohauer at FreeBSD.org
Keywords: patch
Created attachment 157318
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157318&action=edit
patch to make security/nmap fully obey WITH_OPENSSL_PORT=yes
If security/nmap is build with WITH_OPENSSL_PORT=yes on FreeBSD 8 (and probably
9), nping and ncat are linked to the base openssl libraries.
% ldd /usr/local/bin/nmap
/usr/local/bin/nmap:
libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x33dae000)
libpcap.so.7 => /lib/libpcap.so.7 (0x33e1a000)
libssl.so.8 => /usr/local/lib/libssl.so.8 (0x33e48000)
libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x33eaa000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x34038000)
libm.so.5 => /lib/libm.so.5 (0x34127000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x34141000)
libc.so.7 => /lib/libc.so.7 (0x3414c000)
libthr.so.3 => /lib/libthr.so.3 (0x34268000)
% ldd /usr/local/bin/ncat
/usr/local/bin/ncat:
libssl.so.6 => /usr/lib/libssl.so.6 (0x33cd5000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x33d21000)
libpcap.so.7 => /lib/libpcap.so.7 (0x33e7d000)
libm.so.5 => /lib/libm.so.5 (0x33eab000)
libc.so.7 => /lib/libc.so.7 (0x33ec5000)
ldd /usr/local/bin/nping
/usr/local/bin/nping:
libssl.so.6 => /usr/lib/libssl.so.6 (0x33ced000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x33d39000)
libpcap.so.7 => /lib/libpcap.so.7 (0x33e95000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x33ec3000)
libm.so.5 => /lib/libm.so.5 (0x33fb2000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x33fcc000)
libc.so.7 => /lib/libc.so.7 (0x33fd7000)
The culprit appears to be this code in Makefile:
# fix for gcc from ports
.if ${CHOSEN_COMPILER_TYPE} == gcc
GCCLIBDIR_CMDS= ${CC} -print-file-name=libstdc++.so | ${SED} -e
's/libstdc++.so//'
CONFIGURE_ARGS+=LDFLAGS="-L$$(${GCCLIBDIR_CMDS})"
NOT_BASE_CC= true
.endif
There is nothing in this Makefile that causes anything other than the base
compiler to be used. On FreeBSD 8 and 9, the base compiler is gcc, so the .if
condition is satisfied. The code inside the conditional block then causes
LDFLAGS=-L/usr/lib
to be added to CONFIGURE_ARGS. When configure is run for ncat and nping, this
directory is prepended to the directory specified by the --with-openssl=DIR
option, so libssl and libcrypto from base get linked into these applications.
*If* gcc from ports is somehow selected by USES=compiler:something or
USE_GCC=yes, then the ports frameworks adds the necessary stuff to find the
proper version of libstdc++ to LDFLAGS, which gets included in CONFIGURE_ENV.
If passing this as an argument to configure turns out to be necessary, then it
could be done like this:
CONFIGURE_ARGS+=LDFLAGS=${LDFLAGS}
Further down there is the code fragment:
# gcc from ports is in use
.if defined(NOT_BASE_CC)
@${ECHO_MSG} do not forget to adjust libnmap.conf
.endif
In addition to the problem of of CHOSEN_COMPILER_TYPE==gcc not indicating
that gcc from ports is in use, this message should probably go into pkg-message
instead of being echoed during the build. Also, I have found no documentation
about libnmap.conf. Is this supposed to be libmap.conf? If so, this should
not be necessary because the base compiler is always used, and even if ports
gcc is used, the executables will be built with the necessary rpath to find the
correct libstdc++.
I think all this extra stuff in the Makefile is unnecessary.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list